Is Conficker Finally History?

Graphic: Diego Aguirre

Is it time to put Conficker in the history books? Is Conficker really a dud? The truth is, nobody knows. Conficker gained so much attention in part because of the sheer number of computers it was able to infect. But nobody knows for sure what Conficker can accomplish. However, at the time of this writing, no Conficker-related catastrophes have surfaced, and some think the threat never will materialize. So as attention shifts away from Conficker, it's important to know where we stand against the world's most famous piece of malware.

How big is the Conficker threat?

The general consensus seems to be that approximately 3 million computers are infected on any given day. The number 15 million gets thrown around a lot as well, but that number includes computers that were infected and then scrubbed clean of the malware. Keep in mind that the actual number of infected computers is also very hard to ascertain, since security experts can only count infected Internet Protocol (IP) addresses and not individual computers, according to Roel Schouwenberg, a security expert with Kaspersky Lab. Since an entire company could be behind one IP address, the number of infected devices remains a bit of a mystery.

The Vietnamese security company Bkis (which offers the pie chart below, of infections by country) says approximately 2.2 million computers are currently infected with Conficker A and B, and about 1.2 million computers carry Conficker C, the latest version of the worm, according to reports. The Conficker C number is the most worrisome, since that is the version that can most effectively update itself through P2P networking, with no need to phone home for an update.

The world's biggest problem areas for Conficker infections are in Asia, Eastern Europe and South America, although there seems to be some disagreement on which countries are the hardest hit.

How important is Microsoft's Conficker Patch and who can get it?

Does Microsoft have the power to stop Conficker dead in its tracks? Common sense seems to say yes, because if everybody had Microsoft's Conficker patch the problem would be solved, right? Not so, says Schouwenberg. Even though Conficker-infected regions contain a high number of computers with pirated Windows software, the blame should not be placed at Microsoft's feet.

Microsoft allows both pirate and genuine Windows users to download critical security updates. However, most pirate users have Windows' automatic updates turned off to avoid Microsoft's piracy detection tool. Pirate users could get the software from Microsoft's download center, but it's unknown how many users are actually doing that.

Another problem, Schouwenberg says, is that Internet service providers in problem regions are not as security conscious as they are in the United States. If the ISPs are not actively monitoring security on their networks and blocking the ports that Conficker can sneak in through, then unpatched computers remain at risk.

But the Conficker patch and port blocking are not cure-alls. According to Schouwenberg, the security patch is most effective against Conficker A, but since Conficker has three main flavors (A, B and C), patches are not the only answer. As always, the best defense is to make sure your antivirus programs are up to date and to do a full security scan regularly. If you're worried that you might be infected, the Conficker Working Group has a simple test that can help.

If you are a pirate Windows user, you have amnesty for critical downloads so get the Conficker patch as soon as possible. Remember, we may be forgetting about the worm, but Conficker's authors still have the capability to inflict harm. Whether that will happen is anybody's guess, but making sure your computer is secure is always the best policy.